DPC: Vulnerability scanner reports that the Node.js and MongoDB versions are out of support
Summary: A vulnerability scanner reports that the DPC server is running a Node.js or MongoDB version that is out of support.
Symptoms
The scanner shows that the Node.js version installed on DPC is not supported.
The scanner shows that the MongoDB version installed on DPC is not supported.
Cause
This is the result of running a vulnerability scanner against the DPC server.
Resolution
Product management and engineering have provided the following information about this issue.
MongoDB:
"MongoDB 4.2.x will remain at its current version within our architecture. While MongoDB is out of vendor compatibility/compliance, our multilayered security architecture prevents external attacks: MongoDB is not directly accessible from external networks, protected by firewall rules, and only accessible internally through authenticated application layers. This isolation eliminates direct attack vectors, making the system secure despite EOL status. We continue to provide break/fix support and security patching where applicable and possible."
Node.js:
"We acknowledge Node.js 16.x (v16.20.2) reached End-of-Life. However, our deployment architecture eliminates attack surfaces: Node.js is bundled within the application (not system-wide), production serves only prebuilt static files, Node.js runtime is never exposed to network requests, and the npm package manager is absent in production. This means attackers cannot directly target or exploit Node.js vulnerabilities, making the deployment secure despite EOL status."
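To document the compensating controls described in the two statements above when responding to the scanner finding, the following added example (not vendor code) classifies MongoDB and Node.js TCP listeners from `ss -H -tlnp` output as loopback-only or needing a firewall review. The process names `mongod` and `node` are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Reads `ss -H -tlnp` output on stdin and
# reports TCP listeners owned by MongoDB or Node.js.
# Assumption: the processes are named "mongod" and "node".

check_listeners() {
    awk '
    $NF !~ /"(mongod|node)"/ { next }      # last field: users:(("name",pid=..,fd=..))
    {
        local_ep = $(NF - 2)               # Local Address:Port column
        addr = local_ep
        sub(/:[0-9]+$/, "", addr)          # drop the port
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # unwrap [IPv6]
        name = $NF
        sub(/^users:\(\("/, "", name); sub(/".*/, "", name)
        if (addr ~ /^127\./ || addr == "::1") {
            printf "OK      %s %s (loopback only)\n", name, local_ep
        } else {
            printf "REVIEW  %s %s (reachability depends on firewall rules)\n", name, local_ep
            bad++
        }
    }
    END { exit (bad > 0) }                 # non-zero when anything needs review
    '
}

# Constructed sample input (not captured from a DPC system).
SAMPLE='LISTEN 0 128 127.0.0.1:27017 0.0.0.0:* users:(("mongod",pid=1201,fd=11))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
LISTEN 0 511 *:8080 *:* users:(("node",pid=1502,fd=20))'

printf '%s\n' "$SAMPLE" | check_listeners || echo "at least one listener needs review"
```

On a live host, run `ss -H -tlnp | check_listeners` as root so that `ss` can show process names. A REVIEW line is not a finding by itself; it marks a listener whose exposure has to be confirmed against the firewall rules.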